OpenVZ Forum


Home » General » Support » arpsend problems
arpsend problems [message #33865] Mon, 17 November 2008 13:56 Go to next message
pege is currently offline  pege
Messages: 8
Registered: May 2007
Junior Member
Hello,

I have a cluster of 3 hardware nodes, each with their sets of VEs. On HW2-node I have a VE (call it VE2-1) that should have a specific, public IP address. When tinkering with some VPN issues (VPN from VE2-1 trough HW1 to the recipient), somehow the HW1-node took over the IP and now I can't get it back, the error on restart of said VE2-1 says: arpsend: xxx.xxx.xxx.xxx is detected on another computer : XX.....

When running 'arping' to that IP from the HW2 node, I now get answers from both machines (mac addresses of HW1 and HW2, HW2 should be the only one as far as I understand). How can I clear this situation so that HW1 does not hold on to that IP? I can't even understand how the HW1 has anything to do with it since the VE2-1 is under HW2. Maybe VPN configurations (OpenSwan) have somehow messed this up?

Pheef, that doesn't make much sense does it? Well if anyone understands and could help I'd appreciate it Smile

Re: arpsend problems [message #33866 is a reply to message #33865] Mon, 17 November 2008 14:21 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hello,

please look at the arp table of the HN1 node.
"arp -n" should display it.
Re: arpsend problems [message #33869 is a reply to message #33866] Mon, 17 November 2008 14:34 Go to previous messageGo to next message
pege is currently offline  pege
Messages: 8
Registered: May 2007
Junior Member
On HW1:
arp -n shows a list of IP's but the one with the problem is NOT in the list at all, still 'arping' replies with HW1 own mac-address (note at this time the VE2-1 is using another IP entirely, so no server should have the problematic IP assigned at all).
Re: arpsend problems [message #33870 is a reply to message #33869] Mon, 17 November 2008 14:50 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hello,

could we experiment a little bit Smile Smile
May be the node is "behind" the HN1 and HN looks like a proxy.
Check proxy_arp sysctl parameter on the HN1
Re: arpsend problems [message #33871 is a reply to message #33870] Mon, 17 November 2008 14:59 Go to previous messageGo to next message
pege is currently offline  pege
Messages: 8
Registered: May 2007
Junior Member
Heres the output:

net.ipv4.conf.default.proxy_arp = 0
Re: arpsend problems [message #33872 is a reply to message #33871] Mon, 17 November 2008 15:33 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hello,

could you please show "ip a l", "ip rule l", "ip r l table all", "arp -n -v", "ip neigh show" from the HN1?
Re: arpsend problems [message #33873 is a reply to message #33872] Mon, 17 November 2008 18:14 Go to previous messageGo to next message
pege is currently offline  pege
Messages: 8
Registered: May 2007
Junior Member
Here they are, public addresses end masked, .XX is the problematic one.

hwnode1:~# ip a l
2: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
4: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1d:09:71:31:1a brd ff:ff:ff:ff:ff:ff
    inet 83.150.87.YY/24 brd 83.150.87.255 scope global eth0
    inet 10.2.1.100/32 scope global eth0
    inet 10.10.1.154/32 scope global eth0
    inet 83.150.87.XX/32 scope global eth0
    inet 10.10.1.10/32 scope global eth0
    inet 83.150.87.ZZ/24 brd 83.150.87.255 scope global secondary eth0:0
    inet6 fe80::21d:9ff:fe71:311a/64 scope link 
       valid_lft forever preferred_lft forever
6: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:1d:09:71:31:18 brd ff:ff:ff:ff:ff:ff
    inet 10.10.1.1/24 brd 10.10.1.255 scope global eth1
    inet 10.10.1.11/24 brd 10.10.1.255 scope global secondary eth1:0
    inet6 fe80::21d:9ff:fe71:3118/64 scope link 
       valid_lft forever preferred_lft forever
8: sit0: <NOARP> mtu 1480 qdisc noop 
    link/sit 0.0.0.0 brd 0.0.0.0
1: venet0: <BROADCAST,POINTOPOINT,NOARP,UP,10000> mtu 1500 qdisc noqueue 
    link/void 


hwnode1:~# ip rule l
0:	from all lookup 255 
32766:	from all lookup main 
32767:	from all lookup default 



hwnode1:~# ip r l table all
EXTERNAL_VPN_ENDPOINT_1 via 83.150.87.254 dev eth0  src 83.150.87.XX 
10.10.1.110 dev venet0  scope link 
10.10.1.111 dev venet0  scope link 
EXTERNAL_VPN_ENDPOINT_2 via 83.150.87.254 dev eth0  src 83.150.87.XX 
10.10.1.109 dev venet0  scope link 
10.10.1.115 dev venet0  scope link 
10.10.1.112 dev venet0  scope link 
EXTERNAL_VPN_ENDPOINT_3 via 83.150.87.254 dev eth0  src 10.10.1.1 
10.10.1.102 dev venet0  scope link 
10.10.1.103 dev venet0  scope link 
10.10.1.101 dev venet0  scope link 
83.150.87.0/24 dev eth0  proto kernel  scope link  src 83.150.87.YY 
10.10.1.0/24 dev eth1  proto kernel  scope link  src 10.10.1.1 
default via 83.150.87.254 dev eth0 
local 83.150.87.XX dev eth0  table 255  proto kernel  scope host  src 83.150.87.XX 
broadcast 10.10.1.255 dev eth1  table 255  proto kernel  scope link  src 10.10.1.1 
broadcast 127.255.255.255 dev lo  table 255  proto kernel  scope link  src 127.0.0.1 
local 10.10.1.11 dev eth1  table 255  proto kernel  scope host  src 10.10.1.1 
local 10.10.1.10 dev eth0  table 255  proto kernel  scope host  src 10.10.1.10 
local 83.150.87.ZZ dev eth0  table 255  proto kernel  scope host  src 83.150.87.YY 
local 10.10.1.154 dev eth0  table 255  proto kernel  scope host  src 10.10.1.154 
local 10.10.1.1 dev eth1  table 255  proto kernel  scope host  src 10.10.1.1 
broadcast 83.150.87.255 dev eth0  table 255  proto kernel  scope link  src 83.150.87.YY 
local 83.150.87.YY dev eth0  table 255  proto kernel  scope host  src 83.150.87.YY 
local 10.2.1.100 dev eth0  table 255  proto kernel  scope host  src 10.2.1.100 
broadcast 127.0.0.0 dev lo  table 255  proto kernel  scope link  src 127.0.0.1 
local 127.0.0.1 dev lo  table 255  proto kernel  scope host  src 127.0.0.1 
local 127.0.0.0/8 dev lo  table 255  proto kernel  scope host  src 127.0.0.1 
local ::1 via :: dev lo  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::21d:9ff:fe71:3118 via :: dev lo  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 4294967295
local fe80::21d:9ff:fe71:311a via :: dev lo  proto none  metric 0  mtu 16436 advmss 16376 hoplimit 4294967295
fe80::/64 dev eth0  metric 256  expires 1339630sec mtu 1500 advmss 1440 hoplimit 4294967295
fe80::/64 dev eth1  metric 256  expires 1339630sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev eth0  metric 256  expires 1339630sec mtu 1500 advmss 1440 hoplimit 4294967295
ff00::/8 dev eth1  metric 256  expires 1339630sec mtu 1500 advmss 1440 hoplimit 4294967295
unreachable default dev lo  proto none  metric -1  error -101 hoplimit 255


hwnode1:~# arp -n -v
Address                  HWtype  HWaddress           Flags Mask            Iface
10.10.1.151              ether   00:1D:09:70:BF:92   C                     eth1
10.10.1.203              ether   00:1D:09:71:30:6E   C                     eth1
10.10.1.201              ether   00:1D:09:71:30:6E   C                     eth1
10.10.1.152              ether   00:1D:09:70:BF:92   C                     eth1
10.10.1.209              ether   00:1D:09:71:30:6E   C                     eth1
10.10.1.153              ether   00:1D:09:70:BF:92   C                     eth1
10.10.1.202              ether   00:1D:09:71:30:6E   C                     eth1
10.10.1.159              ether   00:1D:09:70:BF:92   C                     eth1
10.10.1.3                ether   00:1D:09:71:30:6E   C                     eth1
10.10.1.2                ether   00:1D:09:70:BF:92   C                     eth1
83.150.87.254            ether   00:15:C7:21:75:40   C                     eth0
10.10.1.103              *       <from_interface>    MP                    eth1
10.10.1.102              *       <from_interface>    MP                    eth1
10.10.1.115              *       <from_interface>    MP                    eth1
10.10.1.112              *       <from_interface>    MP                    eth1
10.10.1.111              *       <from_interface>    MP                    eth1
10.10.1.110              *       <from_interface>    MP                    eth1
10.10.1.109              *       <from_interface>    MP                    eth1
Entries: 18	Skipped: 0	Found: 18


hwnode1:~# ip neigh show
10.10.1.151 dev eth1 lladdr 00:1d:09:70:bf:92 STALE
10.10.1.203 dev eth1 lladdr 00:1d:09:71:30:6e STALE
10.10.1.201 dev eth1 lladdr 00:1d:09:71:30:6e REACHABLE
10.10.1.152 dev eth1 lladdr 00:1d:09:70:bf:92 STALE
10.10.1.209 dev eth1 lladdr 00:1d:09:71:30:6e STALE
10.10.1.153 dev eth1 lladdr 00:1d:09:70:bf:92 STALE
10.10.1.202 dev eth1 lladdr 00:1d:09:71:30:6e STALE
10.10.1.159 dev eth1 lladdr 00:1d:09:70:bf:92 STALE
10.10.1.3 dev eth1 lladdr 00:1d:09:71:30:6e DELAY
10.10.1.2 dev eth1 lladdr 00:1d:09:70:bf:92 REACHABLE
83.150.87.254 dev eth0 lladdr 00:15:c7:21:75:40 DELAY
Re: arpsend problems [message #33886 is a reply to message #33873] Tue, 18 November 2008 08:38 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Messages: 1495
Registered: August 2007
Location: Moscow
Senior Member
Hello,

arpsend complains about detecting 83.150.87.XX ip address on the HN1 and indeed "ip a l" shows that HN1 holds on this ip.

Quote:

inet 83.150.87.XX/32 scope global eth0



Re: arpsend problems [message #33889 is a reply to message #33886] Tue, 18 November 2008 10:31 Go to previous message
pege is currently offline  pege
Messages: 8
Registered: May 2007
Junior Member
You're right, I did not realize that Smile

These addresses are the ones that the VE2-1 has had assigned (when tweaking with the VPN) and they all seem to now belong to HW1.

inet 10.2.1.100/32 scope global eth0
inet 10.10.1.154/32 scope global eth0
inet 83.150.87.XX/32 scope global eth0


So, how do I clear them from HW1?

Thanks for your help maratrus!

*edit* Never mind, of course normally "ip addr del", thanks a lot, I think this will fix the issue. As you see, I'm a newbie when it comes to networking Smile

*edit2* Out of curiosity, do you know WHY this happened (that the HW1 "stole" the IPs)?

*edit3 - time to stop asking questions? :)* When restarting ipsec, HW1 took the IP again, so it's an ipsec configuration issue and has nothing to do with OpenVZ, I think

[Updated on: Tue, 18 November 2008 10:51]

Report message to a moderator

Previous Topic: install error
Next Topic: Template Metadata
Goto Forum:
  


Current Time: Thu Nov 14 08:02:28 GMT 2024

Total time taken to generate the page: 0.03033 seconds